Re: Mercurial 0.4b vs git patchbomb benchmark

[Linus Torvalds]

On Fri, 29 Apr 2005, Tom Lord wrote:
> 
> On the other hand, you're asking people to sign whole trees and not just at
> first-import time but also for every change.

I don't agree.

Sure, the commit determins the whole tree end result, but if you want to 
sign the _tree_, you can do so: just tag the actual _tree_ object as "this 
tree has been verified to be bug-free and non-baby-seal-clubbing".

But that's not what people do with tags. They sign a _commit_ object. And
yes, the commit object points to the tree, but it also points to the whole
history of other commit objects (and thus all historical trees etc), and 
together with just common sense it is very obvious that what you're really 
signing is that "point in time".

If you want to clarify it, you can always just say so in the tag. Instead 
of saying "I tag this as something I have verified every byte of", you can 
say "this was what I released as xxx", or "this commit contains my change" 
or something.

> If I've changed five files, I should be signing a statement of:
> 
> 	1) my belief about the identity of the immediate ancestor tree
> 	2) a robust summary of my changes, sufficient to recreate my
> 	   new tree given a faithful copy of the ancestor

So _do_ exactly that. You can say that in the tag you're signing.

			Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/